Chat-Nest API

NestJS-based chat system backend with real-time messaging and guaranteed email notifications
Explore the docs »

Report Bug · Request Feature

Table of Contents

1. About The Project
   • Built With
2. Getting Started
   • Prerequisites
   • Installation
3. API Endpoints
4. Roadmap
5. Deployment
6. License
7. Contact

About The Project

A robust NestJS-based chat system backend with REST API and WebSocket support. Designed to work with any modern frontend framework. Features zero message loss, guaranteed email notifications, and real-time communication capabilities.

Key Features

• Zero Message Loss: All messages saved to database with atomic transactions
• Guaranteed Email Notifications: Every visitor message triggers an email to admin
• Real-time Communication: WebSocket support for instant messaging
• Session Management: Automatic session creation and management
• Admin Dashboard API: Complete session and message management

(back to top)

Built With

• 
• 
• 
• 
• 

(back to top)

Getting Started

Prerequisites

• Node.js
• pnpm
• Supabase account
• Docker Desktop
• Email SMTP credentials (Gmail recommended)

Installation

1. Clone the repository

   git clone https://github.com/Nagell/dawid-nitka-chat.git

2. Install packages

   pnpm install

3. Copy .env.example to .env and configure your environment variables

   cp .env.example .env

4. Set up your database using Supabase migrations (see Development Guide for details)

   # For local development
   pnpm supabase start
   
   # For production setup
   pnpm supabase login
   pnpm supabase link --project-ref <your-project-id>
   pnpm supabase db push

5. Start the development server

   pnpm run start:dev

6. The server will start on http://localhost:3001

Quick Start - Test the API

Once running, test the API with these simple curl commands:

# Health check
curl http://localhost:3001/api/chat/health

# Create a chat session
curl -X POST http://localhost:3001/api/chat/sessions \
  -H "Content-Type: application/json" \
  -d '{"visitor_email":"[email protected]","visitor_name":"Test User"}'

# Send a message (use session_id from previous response)
curl -X POST http://localhost:3001/api/chat/messages \
  -H "Content-Type: application/json" \
  -d '{"session_id":1,"content":"Hello!","sender_type":"visitor"}'

(back to top)

API Endpoints

Chat Sessions

• POST /api/chat/sessions - Create a new chat session
• GET /api/chat/sessions/{id} - Get session details
• GET /api/chat/sessions/{id}/messages - Get messages for a session
• POST /api/chat/sessions/{id}/mark-read - Mark messages as read

Messages

• POST /api/chat/messages - Send a new message

Admin

• GET /api/chat/admin/sessions - Get all sessions with summary
• GET /api/chat/admin/stats - Get WebSocket connection statistics

Health Check

• GET /api/chat/health - Health check endpoint

(back to top)

Roadmap

✅ Completed Features

• Backend Architecture - Complete NestJS setup with modular structure
• Database Schema - Comprehensive Supabase schema with triggers and RPC functions
• REST API Endpoints - Full CRUD operations tested in local and production environments
• Input Validation - class-validator DTOs with email, length, and type validation
• WebSocket Gateway - Server-side gateway with room management and typing indicators
• Email Notifications - HTML email service tested and working with Gmail SMTP
• Environment Configuration - Production/development environment separation working
• HTML Security - XSS protection with proper input escaping implemented
• Database Testing - Both local and production Supabase connections verified
• Production Environment - Production server tested with isolated database

🔄 In Progress

• WebSocket Client Testing - Need to test real-time functionality from client side
• Security Hardening - Critical authentication guards and session security needed

⏳ Upcoming Features

• Session Authentication - Token-based session access control
• Admin Authentication - Cross-Supabase JWT validation for admin endpoints
• Rate Limiting - Protection against spam and abuse
• API Documentation - OpenAPI/Swagger documentation generation
• Frontend Integration - Nuxt.js components for portfolio integration
• Admin Dashboard - Complete session management interface
• Performance Optimization - Caching and query optimization
• Deployment Setup - Production deployment to Vercel/Railway

🚨 Security Priorities

• Session Access Control - Prevent unauthorized access to chat sessions
• Admin Endpoint Protection - Secure admin functionality with proper authentication
• WebSocket Validation - Add validation DTOs for WebSocket message events
• Security Headers - Add helmet middleware with security headers

See TODO.md for detailed implementation progress and security audit findings.

(back to top)

Deployment

Vercel Deployment

1. Deploy to Vercel:

   pnpm add -g vercel
   vercel --prod

2. Set environment variables in Vercel dashboard

Railway Deployment

1. Connect your repository to Railway
2. Set environment variables
3. Deploy automatically on push

(back to top)

License

Distributed under the CC BY-NC 4.0 License. See LICENSE for more information.

(back to top)

Contact

Dawid Nitka - LinkedIn

Project Link: https://github.com/Nagell/chat-nest

(back to top)